Meet the Man Who’s Gauging the Damage From Snowden

By Charles S. Clark

August 15, 2014

Among the many actions the Obama administration took in the “post-Snowden” era of insider threats was to appoint a new governmentwide counterintellligence chief.

The man filling that role, or the “NCIX,” as acronym-inclined national security feds call the National Counterintelligence Executive, is Bill Evanina, 47, a former FBI special agent with a counter-terrorism specialty.

Tapped in May 2014 by James Clapper, director of the Office of National Intelligence, Evanina is now immersed in coordinating multi-agency efforts to mitigate the risk of foreign infiltration, assess damage from intelligence leaks and tighten the security clearance process.

He spends most days at the NCIX office in Bethesda, Md., but spoke to Government Executive from ODNI headquarters in McLean, Va., as part of the intelligence community’s “marketing strategy of new openness, which includes explaining which part of the federal government does what,” he said.

Evanina debuts at a time when the administration is under new pressure to prevent internal spying by bad-actor employees. His team also helps U.S. industry fend off cyber attacks and anticipate military threats from emerging terrorist groups.

From the left, the administration must also answer the rising chorus of critics in the press and whistleblower advocacy communities who say President Obama isn’t living up to his 2009 vow to run “the most transparent administration in history.”

As of this summer, this administration has brought eight prosecutions of agency leaks under the 1917 Espionage Act—more than all other administrations combined, according to Jesselyn Radack, an attorney who works national security and human rights issues for the nonprofit Government Accountability Project. Her group and others warn that crackdowns on leakers and agency overreliance on classification inhibit the free pursuit of journalism in a democratic society.

“Instead of getting carried away with the concept of leakers as heroes, we need to get back to the basics of what it means to be loyal,” Evanina says. “Undifferentiated, unauthorized leaking is a criminal act. If you want to call yourself a whistleblower, there are methods in place,” he said. “A security clearance is considered sacred, a privilege and an honor. We need to ensure that both the employees and the individuals doing the background checks are solid.”

Dealing with insider threats—a priority goal in the fiscal 2015 budget—has actually been on the intelligence community front burner since the WikiLeaks debacle in 2010, Evanina noted. “But it sped up from a regional railway to the Acela train,” the Pennsylvania native added, with the June 2013 leaks on National Security Agency domestic surveillance exposed by contractor Edward Snowden, the former Booz Allen Hamilton contractor with NSA now exiled in Russia.

One of Evanina’s central tasks now is chairing the governmentwide assessment of the damage caused by Snowden, a report slated for completion next summer.

Asked about suggestions by House Intelligence Committee Chairman Mike Rogers, R-Mich., that Snowden may have had prior links to the Russians, Evanina said, “There is no evidence on that either way.”

But when queried about an Aug. 6 New York Times report of leaked internal documents showing “secret terror lists” that include 28,000 Americans kept by the National Counterterrorism Center, Evanina was firmer. “No unauthorized leak is routine,” he said. “It’s a criminal act that has us very concerned. In the intelligence community’s view, every disclosure is a problem because it betrays the people who collected that data. There’s a rationale on why it was classified,” he added, citing a need to protect “both the collection methods and lives.” The FBI is moving forward,” he said, with a probe into how the lists were leaked to an online magazine called The Intercept.

Evanina, who most recently headed the CIA’s Counterespionage group, smiles when a visitor mentions a new biography of Kim Philby, the notorious upper-crust Briton who betrayed both the British and American intelligence agencies in the 1940s through 1960s, when he defected to Russia.

In 18 years at the FBI based primarily in New Jersey, Evanina worked on the post-9/11 investigation of Flight 93, the 2001 Anthrax attacks, and the investigation into the al Qaeda killers of Wall Street Journal reporter Daniel Pearl. He also led the espionage investigation of convicted FBI-agent-turned-spy Leandro Aragoncillo.

The top priority of his current job, which was created in 2002, is to coordinate enforcement of Obama’s November 2012 memorandum on National Insider Threat Policy and the Minimum Standards. It tasks agencies with confronting threats “by establishing common expectations; institutionalizing executive branch best practices; and enabling flexible implementation across the executive branch.”

That challenge is a “whole of government issue, but it’s tailored to individual agencies,” Evanina said, “to test and identify when something nefarious is going on, either through data movement or exfiltration.” More than 70 agencies store classified material, he notes, but the quality of their counterintelligence shops varies. “Some have one retired police officer, others have several former CIA or FBI employees.”

Today’s threats, of course, have grown exponentially alongside new technologies. The 22-year-old Florida man recently discovered as an al-Qaeda suicide bomber in Syria “could have chosen to be a hacker and put a virus or malware at Cape Canaveral,” Evanina said. “Globalization has made things more complicated, and individuals have multiple venues to go to. With the click of a finger, they’re in chat rooms and in gaming systems and they may go after our more nondescript agencies as the weakest link. Everybody’s vulnerable.”

China and Russia are probably both the No. 1 threats, Evanina said, because they target U.S. industry’s communications security and intellectual property. “They don’t have a robust research and development effort, and in the long-term what’s at stake is not just our ships and missiles, but our economic leadership in the world.”

The NCIX also plays a pivotal role in improving the government’s security clearance background checks. “We need more continuous evaluation,” said Evanina, adding that five or 10 years is too long to wait in the modern era to revisit a cleared employee’s personal background. Both the Snowden breach and the September 2013 shootings at the Washington Navy Yard by a mentally ill contractor “might have been helped if we’d employed a risk-based approach to prioritizing employees to get new background checks sooner than others,” he said. Continuous evaluation will be “supplemental—it won’t replace standard background checks and it won’t prolong hiring time,” he said.

One crisp action taken following agency auditing after Snowden’s exposure: 100,000 fewer people have security clearances than did a year ago, Evanina said. “That’s a lot.”

Evanina meets regularly with agency working groups, congressional staff and the Office of Personnel Management to refine the current system. Continuous evaluation “would not just expose future Snowdens, it would identify people in need—those with financial or emotional problems—so we can get them help,” he said.

More-frequent background updates “do cost money and resources are tight,” he agrees. But it’s money well spent.” Does it harm morale? “That’s a fair question, but employees understand that it’s done to protect them.” Continuous evaluation “may identify someone at risk to themselves or others, perhaps they’re mad at not getting promoted and may download information.”

The NCIS’s insider threat agenda, the executive noted, is not oblivious to the public’s right to know what its government is up to. His team works to expedite “unclassification” of documents no longer viewed as sensitive in agencies within and outside the intelligence community, which are “far too stovepiped,” Evanina said.

“Concerns over privacy and civil liberties are significant,” he insisted. “We have attorneys who serve as wickets as part of our fabric, for checks and balances. We work with the White House and the president’s Privacy and Civil Liberties Oversight Board to make sure that all understand this,” Evanina said. “Civil liberties folks have been a critical part of our country going back to John Adams.”